[platform/core/appfw/rpc-port.git] / src / ac-internal.hh

/*
 * Copyright (c) 2017 - 2021 Samsung Electronics Co., Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef AC_INTERNAL_HH_
#define AC_INTERNAL_HH_

#include <cynara-client.h>
#include <gio/gio.h>
#include <glib-unix.h>
#include <glib.h>

#include <map>
#include <memory>
#include <string>
#include <vector>

namespace rpc_port {
namespace internal {

class AccessController {
 public:
  explicit AccessController(bool trusted = false) : trusted_(trusted) {}

  void AddPrivilege(std::string privilege);
  void SetTrusted(const bool trusted);
  int Check(int fd, const std::string& sender_appid);

 private:
  class Cynara {
   public:
    Cynara();
    ~Cynara();

    int FetchCredsFromSocket(int fd);
    int Check(const std::string& privilege) const;

   private:
    std::unique_ptr<cynara, decltype(cynara_finish)*> cynara_;
    std::unique_ptr<char, decltype(std::free)*> client_;
    std::unique_ptr<char, decltype(std::free)*> user_;
  };

  int CheckTrusted(const std::string& sender_appid);
  int CheckPrivilege(const Cynara& c);

 private:
  std::vector<std::string> privileges_;
  std::map<std::string, bool> cache_;
  bool trusted_;
  std::string appid_;
};

}  // namespace internal
}  // namespace rpc_port

#endif  // AC_INTERNAL_HH_